Quickstart: Create an email device profile for iOS
In this quickstart, you’ll see how to create an email device profile for iOS devices. This profile specifies the settings that are required for the built-in email app on the iOS device to connect to company email. Email device profiles help standardize settings across devices, and they let end users access company email on their personal devices without any required setup on their part. To further safeguard your email, you can use an email profile to determine if devices are compliant, and then set up Conditional Access to allow only compliant devices to access email. For details about email profiles, see How to configure email settings in Microsoft Intune
If you don’t have an Intune subscription, sign up for a free trial account.
Sign in to Intune
Sign in to the Microsoft Endpoint Manager Admin Center as a Global Administrator or an Intune Service Administrator. If you have created an Intune Trial subscription, the account you created the subscription with is the Global administrator.
Create an iOS email profile
Select Devices > Configuration profiles > Create profile.
Under Name, enter a descriptive name for the new profile. For this example, enter iOS require work email.
Enter the following profile information:
For Description, enter Require iOS devices to use work email.
For Platform, select iOS.
For Profile type, select Email.
Select Settings, and enter the following settings (leave the defaults for other settings):
Email server: For this quickstart, enter outlook.office365.com. This setting specifies the Exchange location (URL) of the email server that the iOS mail app will use to connect to email.
Account name: Enter Company Email.
Username attribute from AAD: This name is the attribute Intune gets from Azure Active Directory (Azure AD). Intune dynamically generates the username for this profile using this name. For this quickstart, we’ll assume that we want the User Principal Name to be used as the username for the profile (for example, email@example.com).
Email address attribute from AAD: This setting is the email address from Azure AD that will be used to sign in to Exchange. For this quickstart, select User Principal Name.
Authentication method: For this quickstart, select Username and password. (You can also choose Certificate if you’ve already set up a certificate for Intune.)
Select OK > Create. The new profile appears on the profiles list with the dashboard displayed so you can monitor how the profile has been assigned to iOS devices and iOS users.
Select the Include tab, and then select All Users & All Devices.
Clean up resources
If you don’t intend to use the profile you created for additional tutorials or testing, you can delete it now.
- In Intune, select Device configuration, and then select Profiles.
- Select the test profile you created, iOS require work email.
- Select the ellipses (...) next to the profile, and then select Delete.
In this quickstart, you created an email profile for iOS devices. Now you can use this profile to determine whether an iOS device is compliant by creating a compliance policy that marks as noncompliant any iOS devices that don't match the profile. For further protection, you can create a Conditional Access policy that blocks noncompliant iOS devices from accessing email. For more information about device compliance policies, see Get started with device compliance policies in Intune.